Quantum-resistant Transport Layer Security

Abstract

The reliance on asymmetric public key cryptography (PKC) and symmetric encryption for cyber-security in current telecommunication networks is threatened by the emergence of powerful quantum computing technology. This is due to the ability of quantum computers to efficiently solve problems such as factorization or discrete logarithms, which are the basis for classical PKC schemes. Thus, the assumption that communications networks are secure no longer holds true. Quantum Key Distribution (QKD) and post-quantum cryptography (PQC) are the first cyber-security technologies that allow communications to resist the attacks of a quantum computer. To achieve quantum-resistant communications, the aforementioned technologies need to be incorporated into a network security protocol such as Transport Layer Security (TLS). In this paper, we describe and implement two novel, hybrid solutions in which QKD and PQC are combined inside TLS for achieving quantum-resistant authenticated key exchange: Concatenation and Exclusively-OR (XOR). We present the results, in terms of complexity and security enhancement, of integrating state-of-the-art QKD and PQC technologies into a practical, industry-ready TLS implementation. Our findings demonstrate that the adoption of a PQC-only approach enhances the TLS handshake performance by approximately 9% compared to classical methods. Furthermore, our hybrid PQC-QKD quantum-resistant TLS comes at a performance cost of approximately 117% during the key establishment process. In return, we substantially augment the security of the handshake, paving the road for the development of future-proof quantum-resistant communication systems based on QKD and PQC.